11 years of reporting on DDoS and Advanced Threats

January 26, 2016 Arbor Networks

Arbor Networks is proud to release the 11th annual Worldwide Infrastructure Security Report. This report is designed to help network operators understand the breadth of the threats that they face, gain insight into what their peers are doing to address these threats, and comprehend both new and continuing trends. This year’s report features responses from 354 respondents, the most ever by a significant margin, with over half of respondents representing enterprise, government or education. A good global distribution of respondents rounds out what has been our broadest representation of the Internet community ever.

⦁ For an overview of key findings, read the press release
⦁ Download the full report
⦁ For data point snippets in infographic form, check out our Pinterest page
⦁ And finally, for a deeper dive into DDoS key findings, join our webinar next week; and for advanced threat key findings, join our webinar in two weeks

Before you dig into the report, we asked two of the report authors, Darren Anstee and Gary Sockrider, to share their insight into some of the most interesting stats that caught their eye from the report this year.

Darren Anstee, Chief Security Technologist
From my perspective, the big thing this year in relation to DDoS is around the complexity of the problem. Over the past few years we have focused on the storm of reflection amplification attacks that continue to rage across the Internet – with ever larger peak attack sizes, and proliferation of attacks in the 2-50Gbps range that are capable of saturating the Internet connectivity of many organizations. However, the more complex, stealthy attacks haven’t gone away. Every year, more of our survey respondents see application-layer attacks on their networks (93% this year) and this year we have seen a big jump in the proportion of respondents seeing multi-vector attacks, up from 42% to 56%. Multi-vector attacks are more complex to deal with, but the right tools make all the difference. On a positive note, the proportions of respondents using Intelligent DDoS Mitigation Systems (IDMS) are up for both enterprise and service provider respondents – so the right solutions are being deployed. And this is just as well, as we are also seeing attack frequencies up across the board.

Gary Sockrider, Principal Security Technologist
Massive volumetric attacks are always headline grabbers, so seeing the largest reported attacks grow 60x over the last 11 years is certainly impressive. Looking a bit closer at the numbers is where it really gets interesting. Prior to 2013, no one had reported an attack greater than 100 Gbps and that attack was reported all the way back in 2010. So, when you plot the graph, the ‘hockey stick’ really only appears in the last few years. Digging a bit deeper, we see that it’s not just the size but also the volume of very large attacks that is increasing dramatically. Last year, only 20 percent of service providers reported attacks over 50 Gbps. This year, nearly one-quarter report peak attack sizes over 100 Gbps. This truly emphasizes the scale of the DDoS problem.

Looking at motivation behind DDoS attacks this year, the top response is “criminals demonstrating attack capabilities,” with “gaming” and “criminal extortion attempts” in second and third place respectively. Historically, “ideological hacktivism” has commonly been the top motivation, only displaced last year by “nihilism/vandalism.” This year, however, things have changed. A growing number of respondents are seeing DDoS attacks being used as a distraction for either malware infiltration or data exfiltration.

In a report known for exposing harsh realities, it is always nice to get a bit of good news. On that note, service providers have continued to hone their skills and enhance their capabilities around DDoS detection and mitigation. Once again this year we saw a significant increase in service providers indicating they can mitigate DDoS attacks in less than 20 minutes. With about three-quarters of service providers now in this position, it is no surprise to see a corresponding trend of reduced attack durations.

The post 11 years of reporting on DDoS and Advanced Threats appeared first on Arbor Insights - Our People, Products and Perspective.

